Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

Monitoring of a Ceph Cluster with Ceph-dash on CentOS 7


Ceph-dash is is a WSGI application based on the Flask framework for monitoring of Ceph clusters. It uses librados to communicate with the Ceph cluster. Ceph-dash has a nice dashboard, it is easy to install has many features, including InfluxDB and Graphite support.

In this tutorial, I will show you to install Ceph-dash and configure it to run under an apache web server with SSL and mod_auth support. In the first Ceph tutorial, we’ve already installed a ‘Ceph cluster’, in this tutorial, we will configure ceph-dash on the monitor host ‘mon1‘ of that setup.

Prerequisites

  • Ceph Cluster – Ceph I Tutorial
  • Monitor node CentOS 7 – mon1
  • Root privileges

Step 1 – Installing Ceph-dash Dependencies

In this first step, we will install the dependencies needed by ceph-dash, including apache web server and mod_ssl.

Connect to the mon1 node from the ceph-admin node.

ssh mon1

Install all dependencies needed with the yum command.

sudo yum -y install httpd mod_wsgi mod_ssl git

Then start apache/httpd and add it to be started at boot time.

sudo systemctl start httpd
sudo systemctl enable httpd

Step 2 – Download Ceph-dash

Ceph-dash is an open source application, available from the github repository. Clone the repository to the /var/www/ directory.

cd /var/www/html/
git clone https://github.com/Crapworks/ceph-dash.git

By default, apache/httpd is running under the user name ‘apache’, so we need to change the owner of ceph-dash files and directories to the ‘apache’ user.

sudo chown -R /var/www/html/ceph-dash/

Step 3 – Configure an Apache Virtual Host for Ceph-dash

Ceph-dash provides a sample of a virtual host configuration for apache and Nginx in the ‘contrib’ directory. We will use apache as the web server for Ceph-dash, so we need to copy the configuration file for apache to the apache/httpd directory.

cd /var/www/html/ceph-dash/
cp contrib/apache/cephdash /etc/httpd/conf.d/cephdash.conf

Go to the virtual host configuration directory and edit cephdash.conf file.

cd /etc/httpd/conf.d/
vim cephdash.conf

Change value of the ‘ServerName‘ to your domain name – in my case ceph-mon.co

Change the wsgi daemon process to runn as the apache user.

Change the cephdash.wsgi directory to ‘/var/www/html/ceph-dash/contrib/wsgi/cephdash.wsgi’.

Change the SSL configuration directory to ‘/etc/httpd/ssl/‘.

Change the ceph-dash directory to ‘/var/www/html/ceph-dash‘, then add the basic auth configuration.

Below is the configuration.

<VirtualHost *:80>
    ServerName ceph-mon.co
 
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/server-status
    RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
 
<VirtualHost *:443>
    ServerName ceph-mon.co
 
    WSGIDaemonProcess cephdash user=apache group=apache processes=1 threads=5
    WSGIScriptAlias / /var/www/html/ceph-dash/contrib/wsgi/cephdash.wsgi
    WSGIPassAuthorization On
 
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/ssl.crt
    SSLCertificateKeyFile /etc/httpd/ssl/ssl.key
 
    <Directory /var/www/html/ceph-dash>
        WSGIProcessGroup cephdash
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all
 
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>

Save the file and exit the editor.

Step 4 – Configure SSL and Apache Basic Auth

In the virtual host configuration, we’ve already defined the SSL configuration in the ‘/etc/httpd/ssl’ directory, so we need to create the SSL cert and key there.

mkdir -p /etc/httpd/ssl/

Now generate a self-signed SSL certificate file with the OpenSSL command.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/httpd/ssl/ssl.key -out \
/etc/httpd/ssl/ssl.crt

Change the permissions of the certificate file to 600.

chmod 600 /etc/httpd/ssl/*

Next, add apache basic auth with the htpasswd command below to password protect the Ceph-dash access.

htpasswd -c /etc/httpd/htpasswd hakase
Type your password:

hakase is the username that I#ve chosen.

If all is done, test the apache configuration file with the apachectl command and make sure the result is ‘Syntax OK‘, then restart apache.

apachectl configtest
sudo systemctl restart httpd

Step 5 – Add HTTP and HTTPS Port to Firewalld

On the monitor node ‘mon1‘, firewalld is enabled. We have to open a new port for the http and https connection so we can access Ceph-dash from a web browser.

Add the http and https port to firewalld with the firewall-cmd command.

sudo firewall-cmd –zone=public –add-port=80/tcp –permanent
sudo firewall-cmd –zone=public –add-port=443/tcp –permanent

Reload the firewalld configuration.

sudo firewall-cmd –reload

Step 6 – Testing

Open your web browser and type in the ceph-mon.co domain (use the domain name that you have chosen for your ceph-dash installation) in the address bar, press enter.

You will be asked for username and password, type in your username and password that you used in the htpasswd file.

Now you can see the Ceph-dash dashboard.

Cluster health Status, Monitor node status, OSD nodes status.

Storage and PG status.

Ceph-dash has been installed under an apache web server on the monitor node ‘mon1‘.

 

Comments

comments